You'll be fine with the LP + form. Just follow the directions for a referral form (empty mkt_trk from the form on submission).*
Other than the not-actually-private nature of the page (give it an impossible-to-guess random URL), the remaining concern is if your company's email protection software not only test-clicks links, but opens full pages in a headless browser (the same feature that derails click tracking). Giving them a big button to confirm the update, rather than doing a truly automated submission, is safer.
* Also, just to be precise, it's not that the "SDR IP would be associated with the [lead's] email" but that the SDR's cookie would be associated.
But by omitting the cookie from the form post you get around that.
Thanks for the info. I'll give that a shot.